I was setting up a static website on Amazon S3. This process is fairly simple. Finally I wanted to create a user that can only deploy to this one single bucket. As with all other user accounts I wanted to follow the least privilege model. So the default S3-Full Access policy was not an option for me.
I created a new policy granting full access to this specific bucket. It looked like this:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::myBucket/*",
        "arn:aws:s3:::myBucket"
      ]
    }
  ]
}
I assigned this to the user that uploads my site and started the upload. Peng! Access Denied.
After some investigation I discovered that the ListAllMyBuckets action is causing that problem. I added a second policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "arn:aws:s3:::*"
    }
  ]
}
This solved my issue and the upload worked fine.
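A least-privilege check for the two policies above, as an added example that is not part of the original post: it reports any Allow statement that grants more than `s3:ListAllMyBuckets` on a resource outside the one bucket. The helper names and the `TOO_BROAD` policy are constructed for illustration; only the bucket name and the first two policies come from the post.

```python
import json

BUCKET = "myBucket"                       # bucket name used in the post
GLOBAL_OK = {"s3:listallmybuckets"}       # only action accepted outside the bucket

# The two policies from the post.
BUCKET_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:*",
   "Resource": ["arn:aws:s3:::myBucket/*", "arn:aws:s3:::myBucket"]}]}""")
LIST_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:ListAllMyBuckets",
   "Resource": "arn:aws:s3:::*"}]}""")
# Constructed counter-example: the same wildcard action on every bucket.
TOO_BROAD = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::*"}]}""")


def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def in_bucket(arn, bucket):
    """True only for the bucket ARN itself or keys under it.

    'arn:aws:s3:::myBucket*' is rejected: it would also match 'myBucket-backup'.
    """
    base = f"arn:aws:s3:::{bucket}"
    return arn == base or arn.startswith(base + "/")


def audit(policies, bucket=BUCKET):
    """Return (resource, actions) pairs that reach beyond the bucket."""
    findings = []
    for doc in policies:
        for stmt in as_list(doc["Statement"]):
            if stmt.get("Effect") != "Allow":
                continue
            if "NotAction" in stmt or "NotResource" in stmt:
                findings.append(("NotAction/NotResource", ["review manually"]))
                continue
            actions = {a.lower() for a in as_list(stmt["Action"])}  # actions are case-insensitive
            for arn in as_list(stmt["Resource"]):
                extra = sorted(actions - GLOBAL_OK)
                if not in_bucket(arn, bucket) and extra:
                    findings.append((arn, extra))
    return findings


if __name__ == "__main__":
    print(audit([BUCKET_POLICY, LIST_POLICY]))   # policies from the post
    print(audit([BUCKET_POLICY, TOO_BROAD]))     # constructed broad policy
```

Run against the deploy user's attached policies before handing out the access key; an empty list means nothing reaches past the bucket apart from the bucket listing.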